by wolverine876 913 days ago
> Serve malicious updates from a locally controlled machine. Lord knows about auth.

Wouldn't they have to break into my local machine first, plant an update service, and an update? That doesn't seem to scale well at all, and wouldn't it be easier to just break into the machine they want to 'update'?

A fairly prominent update service already runs from the domain microsoft.com. Many machines come with it preinstalled.
The erroneous DNS change wouldn't help that sort of exploit. It just redirects attempts to contact microsoft.com to a local address, probably a router.
That's exactly what I said in the first post.